Credential TTL (tags/capabilities) should be credential time max delta, since we could get pushed one that is newer.

Adam Ierymenko 2016-09-07 12:12:52 -07:00
parent a7d988745b
commit c9ee8612e4
4 changed files with 19 additions and 18 deletions


@ -144,7 +144,7 @@ public:
}
/**
* Check whether a capability or tag is expired
* Check whether a capability or tag is within its max delta from the timestamp of our network config and newer than any blacklist cutoff time
*
* @param cred Credential to check -- must have timestamp() accessor method
* @return True if credential is NOT expired
@ -153,7 +153,8 @@ public:
inline bool isCredentialTimestampValid(const NetworkConfig &nconf,const C &cred) const
{
const uint64_t ts = cred.timestamp();
return ( ( (ts >= nconf.timestamp) || ((nconf.timestamp - ts) <= nconf.credentialTimeToLive) ) && (ts > _blacklistBefore) );
const uint64_t delta = (ts >= nconf.timestamp) ? (ts - nconf.timestamp) : (nconf.timestamp - ts);
return ((delta <= nconf.credentialTimeMaxDelta)&&(ts > _blacklistBefore));
}
/**
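Review bot: The `@return True if credential is NOT expired` line left in the doc comment above isCredentialTimestampValid no longer describes the new return expression, which also rejects a credential whose timestamp is ahead of `nconf.timestamp` by more than `credentialTimeMaxDelta`. I would change it to `@return True if the credential timestamp is within credentialTimeMaxDelta of nconf.timestamp (in either direction) and newer than the blacklist cutoff`. I would also add `@param nconf Network config whose timestamp anchors the window`, since the visible comment lines document only `cred`. Because the window is centred on our own `nconf.timestamp`, a member holding a stale config will now reject newer credentials that the old `ts >= nconf.timestamp` branch accepted. If that is intended, the comment should say so, so callers know to refresh the config rather than treat the credential as revoked. The enclosing class starts and continues outside the lines shown here.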